
spring.io

Spring Security Advisories


Latest posts


CVE-2025-41242 - Medium - CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers

about 9 hours ago

Description Spring Framework MVC applications can be vulnerable to a “Path Traversal...

CVE-2025-22227 - Medium - CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client

about 1 month ago

Description In some specific scenarios with chained redirects, Reactor Netty HTTP client...

CVE-2025-41234 - Medium - CVE-2025-41234: RFD Attack via “Content-Disposition” Header Sourced from Request

2 months ago

Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and...

CVE-2025-41235 - High - CVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies

3 months ago

Description Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from...

CVE-2025-41232 - Medium - CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods

3 months ago

Description Spring Security Aspects may not correctly locate method security annotations on...

CVE-2025-22233 - Low - CVE-2025-22233: Spring Framework DataBinder Case Sensitive Match Exception (2nd update)

3 months ago

Description CVE-2024-38820 ensured Locale-independent lowercase conversion for both the configured disallowedFields patterns...

CVE-2025-22235 - Medium - CVE-2025-22235: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

4 months ago

Description EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for...

CVE-2025-22234 - Medium - CVE-2025-22234: Spring Security BCryptPasswordEncoder maximum password length breaks timing attack mitigation

4 months ago

Description The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation...

CVE-2025-22232 - Medium - CVE-2025-22232: Spring Cloud Config Server May Not Use Vault Token Sent By Clients

4 months ago

Description Spring Cloud Config Server may not use Vault token sent by...

CVE-2025-22223 - Medium - CVE-2025-22223: Spring Security authorization bypass for method security annotations on parameterized types

5 months ago

Description Spring Security may not correctly locate method security annotations on parameterized...

CVE-2025-22228 - High - CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length

5 months ago

Description BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters...

CVE-2024-38829 - Low - CVE-2024-38829: Spring LDAP sensitive data exposure for case-sensitive comparisons

9 months ago

Description The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions...